
ISACA CGEIT Certified in the Governance of Enterprise IT Exam Practice Test

Demo: 61 questions
Total 413 questions

Certified in the Governance of Enterprise IT Exam Questions and Answers

Question 1

An enterprise's chief information officer (CIO) has been receiving complaints from business executives regarding the amount their units are being charged for IT services. To maintain a good relationship with business peers, the CIO wants to be responsive to these complaints. To address this issue, the FIRST step should be to:

Options:

A.

agree to reduce charge rates and improve relationship management with the business.

B.

look into outsourcing of support functions to drive down the cost structure.

C.

ask the chief financial officer (CFO) about budget revisions for the business units' IT expenditures.

D.

quantify consumption and service level agreement (SLA) achievements per business unit.

Question 2

To ensure IT risk is managed in a consistent manner, it is MOST important for IT governance to establish a:

Options:

A.

risk management committee to identify IT-related risks.

B.

risk management framework.

C.

balanced scorecard that includes IT risks.

D.

risk management reporting tool to ensure compliance.

Question 3

IT security is concerned with employees' increasing use of personal equipment for work-related purposes, while employees claim it allows them to be more productive. A decision on whether to modify the enterprise information security policy should be based on:

Options:

A.

audit findings.

B.

user access approval procedures.

C.

the impact to security.

D.

a risk and benefit evaluation.

Question 4

Communicating which of the following to staff BEST demonstrates senior management's commitment to IT governance?

Options:

A.

Legal and regulatory requirements

B.

Approved IT investment opportunities

C.

Objectives and responsibilities

D.

Need for enterprise architecture (EA)

Question 5

Before an IT strategy committee can approve an IT risk assessment framework, which of the following is MOST important to have established?

Options:

A.

An enterprise risk mitigation strategy

B.

Leading and lagging risk indicators

C.

IT performance metrics and standards

D.

Enterprise definitions for risk impact and probability

Question 6

Which of the following would be the MOST effective way to ensure IT capabilities are appropriately aligned with business requirements for specific business processes?

Options:

A.

Establishing key performance indicators (KPIs)

B.

Requiring internal IT architecture and design reviews

C.

Requiring architecture and design reviews with business process stakeholders

D.

Issuing a management mandate that IT and business process stakeholders work together

Question 7

An IT department has forwarded a request to the IT strategy committee for funding of a discretionary investment. The committee's MOST important consideration should be to evaluate:

Options:

A.

the technical feasibility of the investment.

B.

the business and technical scope of the investment.

C.

whether the investment supports corporate goals

D.

whether the investment aligns with the enterprise architecture (EA).

Question 8

Which of the following is the MOST important reason for selecting IT key risk indicators (KRIs)?

Options:

A.

Demonstrating the effectiveness of IT risk policies

B.

Assessing the current IT controls model

C.

Enabling comparison against similar IT KRIs

D.

Increasing the probability of achieving IT goals

Question 9

An enterprise is trying to increase the maturity of its IT process from being ad hoc to being repeatable. Which of the following is the PRIMARY benefit of this change?

Options:

A.

Process optimization is embedded across the organization.

B.

Required outcomes are mapped to business objectives.

C.

Process performance is measured in business terms.

D.

Required outcomes are more frequently achieved.

Question 10

Which of the following is the MOST important attribute of an information steward?

Options:

A.

The information steward manages the systems that process the relevant data.

B.

The information steward has expertise in managing data quality systems.

C.

The information steward is closely aligned with the business function.

D.

The information steward is part of the information architecture group.

Question 11

An enterprise is planning to outsource data processing for personally identifiable information (PII). When is the MOST appropriate time to define the requirements for security and privacy of information?

Options:

A.

When issuing requests for proposals (RFPs)

B.

After an assessment of the current information architecture

C.

When developing service level agreements (SLAs)

D.

During the initial vendor selection process

Question 12

Which of the following is the BEST indication that enterprise value is being derived from IT?

Options:

A.

IT strategy supports continuous improvement initiatives

B.

Metrics are established for IT performance.

C.

Rate of return for projects is achieved.

D.

IT services enable business strategy.

Question 13

The CEO of an organization is concerned that there are inconsistencies in the way information assets are classified across the enterprise. Which of the following is the BEST way for the CIO to address these concerns?

Options:

A.

Include data assets in the IT inventory.

B.

Identify data owners across the enterprise.

C.

Require enterprise risk assessments.

D.

Implement enterprise data governance.

Question 14

A software company's products have had significant quality issues in recent releases. As a result, market reputation and customer satisfaction ratings have been suffering. What should executive leadership do FIRST to address this concern?

Options:

A.

Allocate budget to hire more software and quality assurance specialists

B.

Implement a software development life cycle (SDLC) framework.

C.

Mandate more robust software testing prior to release.

D.

Require a root cause analysis and review results.

Question 15

An IT steering committee wants the enterprise's mobile workforce to use cloud-based file storage to save non-sensitive corporate data, removing the need for remote access to that information. Before this change is implemented, what should be included in the data management policy?

Options:

A.

A mandate for periodic employee training on how to classify corporate data files

B.

A mandate for the encryption of all corporate data files at rest that contain sensitive data

C.

A process for blocking access to cloud-based apps if inappropriate content is discovered

D.

A requirement to scan approved cloud-based apps for inappropriate content

Question 16

The BEST way to decide how to prioritize issues identified in an IT risk and control self-assessment (CSA) is to understand the risk and:

Options:

A.

impact to the enterprise.

B.

criticality of IT services affected.

C.

number of IT systems affected.

D.

funds required for remediation.

Question 17

The BEST way to manage continuous improvement of governance-related processes is to:

Options:

A.

assess existing process resource capacities.

B.

define accountability based on roles and responsibilities.

C.

apply effective quality management practices.

D.

require third-party independent reviews.

Question 18

Which of the following is MOST critical for the successful implementation of an IT process?

Options:

A.

Process framework

B.

Service delivery process model

C.

Objectives and metrics

D.

IT process assessment

Question 19

Which of the following will BEST enable an IT steering committee to monitor the achievement of overall IT objectives on a continuous basis?

Options:

A.

Defined service level agreements (SLAs)

B.

Project portfolio dashboards

C.

Key performance indicators (KPIs)

D.

IT user survey results

Question 20

Which of the following BEST supports an enterprise's ability to comply with privacy laws and regulations?

Options:

A.

Complete inventory of enterprise data

B.

Implementation of a breach notification process

C.

Accurate classification of enterprise data

D.

Robust enterprise policy related to data retention

Question 21

An IT steering committee is evaluating whether a third-party supplier is delivering the correct level of service. Reviewing which of the following will provide the BEST information to the committee?

Options:

A.

Key performance indicators (KPIs)

B.

Service portfolio management

C.

Vendor status reports

D.

Operational cost reduction reports

Question 22

An enterprise has decided to implement an enterprise resource planning (ERP) system to achieve operating and cost efficiencies through global IT standardization. The business units are resistant because they are used to operating autonomously. The CEO has instructed the CIO to move quickly with the implementation to force acceptance with business unit leaders. Which of the following should be the CIO's FIRST step?

Options:

A.

Build a governance framework for identifying non-standard processes.

B.

Request funding from the CEO to hire ERP consultants.

C.

Ask the CEO to be the sponsor of the program

D.

Engage a reluctant business unit to conduct a proof-of-concept pilot.

Question 23

Once the strategic vision has been established, which of the following would be the BEST activity for supporting the implementation of performance measures?

Options:

A.

Monitor service level performance.

B.

Document strengths, weaknesses, opportunities, and threats.

C.

Document policy requirements

D.

Identify key performance indicators (KPIs).

Question 24

Facing financial struggles, a CEO mandated severe budget cuts. A decision was also made to immediately change the enterprise strategic focus to put more reliance on mobile, cloud, and wireless services in an effort to boost revenue. The IT steering committee has asked the CIO to suggest adjustments to the current IT project portfolio to allow support for the new direction despite fewer funds. What should the CIO advise the committee to do FIRST?

Options:

A.

Ask business stakeholders to discuss their vision for the new strategy.

B.

Cancel projects with a net present value (NPV) below a defined threshold.

C.

Conduct a risk assessment against the potential new services.

D.

Start re-allocating budget to projects involving mobile or cloud.

Question 25

An enterprise is planning a transformation initiative by leveraging emerging technology that will have a significant impact on existing products and services. Which of the following is the BEST way for IT to prepare for this change?

Options:

A.

Use a balanced scorecard to measure IT outcomes.

B.

Analyze emerging technology products and related training needs.

C.

Procure appropriate resources to support emerging technology

D.

Assess the impact on the existing IT strategy

Question 26

Which of the following is the MOST important consideration when developing a new IT service?

Options:

A.

Return on investment (ROI)

B.

Resource requirements.

C.

Service level agreements (SLAs)

D.

Economies of scale

Question 27

An enterprise has made the strategic decision to reduce operating costs for the next year and is taking advantage of cost reductions offered by an external cloud service provider. Which of the following should be the IT steering committee's PRIMARY concern?

Options:

A.

Calculating the cost of the current solution

B.

Updating the business risk profile

C.

Changing the IT steering committee charter

D.

Revising the business's balanced scorecard

Question 28

An enterprise plans to expand into new markets in countries lacking data privacy regulations, increasing risk exposure. Which of the following is the BEST course of action for the CIO?

Options:

A.

Identify business risk appetite and tolerance levels.

B.

Quantify the risk impact and evaluate possible countermeasures.

C.

Limit the personal data available to the high-risk countries.

D.

Mandate the strengthening of user access controls.

Question 29

Due to continually missed service level agreements (SLAs), an enterprise plans to terminate its contract with a vendor providing IT help desk services. The enterprise's IT department will assume the help desk-related responsibilities. Which of the following would BEST facilitate this transition?

Options:

A.

Requiring the enterprise architecture (EA) be updated

B.

Validating that the balanced scorecard is still meaningful

C.

Ensuring IT will operate at a lower cost than the vendor

D.

Ensuring a change management plan is in place

Question 30

Which of the following would be the BEST long-term solution to address the concern regarding loss of experienced staff?

Options:

A.

Implement knowledge management practices

B.

Establish a mentoring program for IT staff

C.

Determine key risk indicators (KRIs)

D.

Retain key staff as consultants.

Question 31

An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?

Options:

A.

Risk management framework

B.

Possible investment failures

C.

Value obtained with minimum risk

D.

Risk appetite of the enterprise

Question 32

An IT value delivery framework PRIMARILY helps an enterprise:

Options:

A.

increase transparency of value to the enterprise

B.

assist top management in approving IT projects

C.

improve value of successful IT projects

D.

optimize value to the enterprise.

Question 33

What should be done FIRST when feedback indicates recently implemented software products are not meeting business unit expectations?

Options:

A.

Review help desk logs.

B.

Confirm user acceptance testing (UAT) was completed.

C.

Request a gap analysis.

D.

Institute a new software training program

Question 34

When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?

Options:

A.

Extract training requirements from deficiencies reported in customer service satisfaction surveys.

B.

Ask managers to determine IT training requirements annually.

C.

Determine training needs based on the capabilities to support the IT strategy.

D.

Survey employees for IT skills requirements based upon technology trends.

Question 35

When developing an IT governance framework, it is MOST important for an enterprise to consider:

Options:

A.

information technology risk.

B.

framework development cost.

C.

information technology strategy.

D.

stakeholders' support.

Question 36

Which of the following would a CIO use to present the overall view of IT performance to the board of directors?

Options:

A.

Balanced scorecard

B.

Key risk indicators (KRIs)

C.

Maturity model

D.

Key performance indicators (KPIs)

Question 37

To ensure that information can be traced to the originating event and accountable parties, an enterprise should FIRST:

Options:

A.

capture source information and supporting evidence.

B.

improve business process controls.

C.

review information event logs for potential incidents.

D.

review retention requirements for source information.

Question 38

A newly established IT steering committee is concerned whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

Options:

A.

Balanced scorecard

B.

Capability maturity levels

C.

Performance indicators

D.

Critical success factors (CSFs)

Question 39

A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?

Options:

A.

CIO

B.

Internal audit director

C.

Application users

D.

The board of directors

Question 40

An enterprise experiencing issues with data protection and least privilege is implementing enterprise-wide data encryption in response. Which of the following is the BEST approach to ensure all business units work toward remediating these issues?

Options:

A.

Develop key performance indicators (KPIs) to measure enterprise adoption.

B.

Integrate data encryption requirements into existing and planned projects.

C.

Assign owners for data governance initiatives.

D.

Mandate the creation of a data governance framework.

Question 41

Which of the following is the BEST IT architecture concept to ensure consistency, interoperability, and agility for infrastructure capabilities?

Options:

A.

Establishment of an IT steering committee

B.

Standards-based reference architecture and design specifications

C.

Establishment of standard vendor and technology designations

D.

Design of policies and procedures

Question 42

The CIO of an enterprise learns the payroll server of a competitor has been the victim of ransomware. To help plan for the possibility of ransomed corporate data, what should be the CIO's FIRST course of action?

Options:

A.

Require development of key risk indicators (KRIs).

B.

Develop a policy to address ransomware.

C.

Request a targeted risk assessment.

D.

Back up corporate data to a secure location.

Question 43

The board of directors of an enterprise has approved a three-year IT strategic program to centralize the core business processes of its global entities into one core system. Which of the following should be the CIO's NEXT step?

Options:

A.

Engage a team to perform a business impact analysis (BIA).

B.

Require the development of a risk management plan.

C.

Determine resource requirements for program implementation.

D.

Require the development of a program roadmap.

Question 44

When developing a framework to implement IT governance, which of the following BEST contributes to the successful implementation?

Options:

A.

Practical and enforceable policies

B.

Automated compliance tracking

C.

Comprehensive and timely audit reviews

D.

Periodic peer reviews

Question 45

An enterprise is replacing its customer relationship management (CRM) system with a cloud-based system. Which of the following should be done FIRST when preparing for data migration?

Options:

A.

Review the enterprise data architecture.

B.

Establish a data quality plan

C.

Consult the quality assurance (QA) function.

D.

Acquire data migration tools.

Question 46

The CEO of a large enterprise has announced the commencement of a major business expansion that will double the size of the organization. IT will need to support the expected demand expansion. What should the CIO do FIRST?

Options:

A.

Review the resource utilisation matrix.

B.

Recruit IT resources based on the expansion decision.

C.

Embed IT personnel in the business units.

D.

Update the IT strategic plan to align with the decision.

Question 47

An enterprise's board of directors can BEST manage enterprise risk by:

Options:

A.

mandating board-approved enterprise risk management (ERM) modifications.

B.

requiring the establishment of an enterprise risk management (ERM) framework.

C.

requiring the establishment of an enterprise-wide program management office.

D.

ensuring the cost-effectiveness of the internal control system.

Question 48

Which of the following should be the MAIN governance focus when implementing a newly approved bring your own device (BYOD) policy?

Options:

A.

Recommending mobile applications that will increase business productivity

B.

Training employees on the enterprise's chosen mobile device management system

C.

Educating employees on the increased IT security risk to the enterprise

D.

Understanding knowledge gaps of IT employees to support different mobile platforms

Question 49

Following a strategic planning session, new IT objectives were announced. Which of the following is the MOST effective way for the CIO to ensure these objectives are cascaded to IT personnel?

Options:

A.

Communicate the new IT objectives during a staff meeting.

B.

Define individual performance measures related to the IT objectives.

C.

Establish IT management's performance measures based on the IT objectives.

D.

Update the IT balanced scorecard to align with the new IT objectives.

Question 50

Which of the following is the MOST important consideration for data classification to be successfully implemented?

Options:

A.

Users should be provided with clear instructions that are easy to follow and understand.

B.

The data classification tools integrate with other tools that help manage the data.

C.

The classification scheme should be closely aligned with the IT strategic plan.

D.

Senior management should be properly trained in monitoring compliance.

Question 51

Six months ago, an enterprise's CIO reorganized IT to improve service delivery to the business. Which of the following would BEST demonstrate the effectiveness of the reorganization?

Options:

A.

The number of help desk calls

B.

A balanced scorecard

C.

A survey of IT staff

D.

IT cost reduction

Question 52

A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:

Options:

A.

reviewing current goals-based performance appraisals across the enterprise.

B.

ranking employees across the enterprise based on their compensation.

C.

ranking employees across the enterprise based on length of service.

D.

retaining capable staff exclusively from the local market.

Question 53

An enterprise is conducting a SWOT analysis as part of IT strategy development. Which of the following would be MOST helpful to identify opportunities and threats?

Options:

A.

Risk appetite

B.

Internal framework assessment

C.

Competitor analysis

D.

Critical success factors (CSF)

Question 54

An IT steering committee is preparing to review proposals for projects that implement emerging technologies. In anticipation of the review, the committee should FIRST:

Options:

A.

determine if the IT staff can support the emerging technologies.

B.

understand how the emerging technologies will influence risk across the enterprise.

C.

require a capacity plan and framework review for the emerging technologies.

D.

require a review of the enterprise risk management framework.

Question 55

Which of the following is MOST important to effectively initiate IT-enabled change?

Options:

A.

Establish a change management process.

B.

Obtain top management support and ownership.

C.

Ensure compliance with corporate policy.

D.

Benchmark against best practices.

Question 56

Which of the following would provide the MOST useful information to understand the associated risks when implementing a new digital transformation strategy?

Options:

A.

Risk policy

B.

Risk framework

C.

Risk heat map

D.

Risk register

Question 57

The PRIMARY objective of promoting business ethics within the IT enterprise should be to ensure:

Options:

A.

trust among internal and external stakeholders.

B.

employees act more responsibly.

C.

corporate social responsibility.

D.

legal and regulatory compliance.

Question 58

An enterprise wants to reduce the complexity of its data assets while ensuring impact to the business is minimized during the transition. Which of the following should be done FIRST?

Options:

A.

Remove applications that are not aligned with the information architecture.

B.

Review the information classification and retention policies

C.

Review the information architecture.

D.

Assess current information ownership.

Question 59

The PRIMARY objective of building outcome measures is to:

Options:

A.

monitor whether the chosen strategy is successful

B.

visualize how the strategy will be achieved.

C.

demonstrate commitment to IT governance.

D.

clarify the cause-and-effect relationship of the strategy.

Question 60

An enterprise is planning a change in business direction. As a result, IT risk will significantly increase. Which of the following should be the CIO's FIRST course of action?

Options:

A.

Recommend delaying the business change.

B.

Implement IT changes to align with the plan.

C.

Report the risk to executive management

D.

Plan for the corresponding IT reorganization.

Question 61

The CIO of a large enterprise has taken the necessary steps to align IT objectives with business objectives. What is the BEST way for the CIO to ensure these objectives are delivered effectively by IT staff?

Options:

A.

Map the IT objectives to an industry-accepted framework.

B.

Enhance the budget for training based on the IT objectives.

C.

Include the IT objectives in staff performance plans.

D.

Include CIO sign-off of the objectives as part of the IT strategic plan.
